Chapter 12 Setting Up Logging And Notification - Watchguard Firebox X1000 User Manual
Vpn gateway
Hide thumbs
Also See for Firebox X1000:
- Reference manual (264 pages) ,
- Quick start manual (38 pages) ,
- Hardware manual (30 pages)
Table of Contents
Advertisement
Setting Up Logging
CHAPTER 12
and Notification
An event is any single activity that occurs at the Fire-
box, such as denying a packet from passing through
the Firebox. Logging is the recording of these events to
a log host. A notification is a message sent to the
administrator by the Firebox when an event occurs
that indicates a security threat. Notification can be in
the form of email, a popup window on the Watch-
Guard Security Event Processor (WSEP), a call to a
pager, or the execution of a custom program.
For example, WatchGuard recommends that you con-
figure default packet handling to issue a notification
when the Firebox detects a port space probe. When the
Firebox detects one, the log host sends notification to
the network security administrator about the rejected
packets. At this point, the network security adminis-
trator can examine the logs and decide what to do to
further secure the organization's network. Some possi-
ble courses of action would be to:
•
•
•
User Guide
Block the ports on which the probe was attempted
Block the IP address that is sending the packets
Contact the ISP through which the packets are
being sent
199
Hide quick links:
Advertisement
Table of Contents
